On Fri, Oct 14, 2022 at 10:50 AM Roman Danyliw wrote:
>
> > >
> > > ** Section 11.2
> > >
> > > One option would be to have a mechanism allowing the registration of
> > > extension modules, each of them responsible for rendering the
> > > respective user consent and any transformation neede
Hi All
Following on from the discussions at IETF 113, the OAuth Security Workshop,
Identiverse and IETF 114, Daniel, Filip and I created a draft document
capturing some of the attacks that we are seeing on cross device flows,
including Device Authorization Grant (aka Device Code Flow).
These
